Total
7817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | ||||
| CVE-2016-8206 | 1 Brocade | 1 Network Advisor | 2025-04-20 | N/A |
| A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | ||||
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2025-04-20 | N/A |
| Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | ||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-20 | N/A |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2025-04-20 | N/A |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | ||||
| CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 7.5 High |
| Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | ||||
| CVE-2015-1429 | 1 Cybelesoft | 1 Thinfinity Remote Desktop Workstation | 2025-04-20 | 7.5 High |
| Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | ||||
| CVE-2017-11440 | 1 Sitecore | 1 Cms | 2025-04-20 | N/A |
| In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | ||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2025-04-20 | N/A |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | ||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2025-04-20 | N/A |
| Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | N/A |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | ||||
| CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | ||||
| CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | ||||
| CVE-2017-15895 | 1 Synology | 1 Router Manager | 2025-04-20 | N/A |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | ||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | ||||
| CVE-2017-9097 | 1 Hoytech | 1 Antiweb | 2025-04-20 | N/A |
| In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | ||||
| CVE-2017-6629 | 1 Cisco | 1 Unity Connection | 2025-04-20 | N/A |
| A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. | ||||
| CVE-2015-8235 | 1 Call-cc | 1 Spiffy | 2025-04-20 | N/A |
| Directory traversal vulnerability in Spiffy before 5.4. | ||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2025-04-20 | N/A |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | ||||